John Herbert

Author Archives: John Herbert

When IOS XR Licenses Don’t Activate, What Then?

I came across a small but irritating issue with ASR / IOS XR licensing today, and since I found a way to fix it, I’m sharing my results.

Cisco ASR9006/ IOS XR

Licensing IOS XR on the ASR9k

I have an ASR9006 with two A9K-MOD160-TR linecards on which I need to run VRFs, so I purchased two of the A9K-IVRF-LIC linecard-based VRF licenses. I got the PAK keys from my reseller, and went to Cisco’s licensing portal to fulfill both of them following the usual process with the PID and S/N information taken from admin show license udi. I downloaded the license file and transferred it to an accessible jump server, then from the regular privileged exec mode (rather than the admin exec mode), I used sftp to transfer the file to the router.

Why not use the admin exec to transfer the licenses?

Simple: to transfer the license file within the admin exec means using tftp or ftp:

RP/0/RSP0/CPU0:asr9006-1(admin)#copy ?
  /recurse        Recursively list subdirectories encountered
  WORD            Copy from file
  bootflash:      Copy from bootflash: file system
  disk0:          Copy from disk0: file system
  disk0a:         Copy from disk0a: file system
  disk1:          Copy from disk1: file system
  disk1a:         Copy from disk1a: file system
  disk2:          Copy from disk2: file system
 Continue reading

Can Teridion Really Boost Internet Throughput?

Teridion claims to bring cloud optimized routing to dynamic content delivery. The home page continues: “We go beyond traditional CDN and WAN optimization combining the best of SDN and NFV to generate a better QoS and QoE for customers of cloud-based content, application, and service providers.” Got that? Perhaps it’s not the most succinct elevator pitch, but Teridion’s concept is at the very least interesting, and as a thought exercise it’s a fascinating look at how the Internet both enables us, yet fails us in so many ways. Even if the product is not for you, the problem Teridion claims to solve is a good thought exercise in and of itself, and it brings to the forefront the reliance we place on the internet despite the fact that we have no control over how our traffic traverses it.

Morpheus

Perhaps Morpheus is being slightly misleading in the image above, but otherwise the statement is pretty much true, although this isn’t a product intended for purchase by home users, for example. At its core, Teridion’s product concept is actually fairly simple. The Internet is used as a conduit to move data between locations around the world because it’s significantly more cost effective than Continue reading

USB Consoling Myself With Opengear’s ACM7004-5

Have you ever tried using the USB Console port on your network hardware? Me neither, and that’s mainly because the instructions typically begin with “Download and install the USB console driver for your operating system”, at which point I exhale deeply and get out my USB serial adapter instead. I think Opengear must have heard me sighing because the ACM7004-5 Remote Site Gateway device they’ve sent me to look at has four USB console ports built in.

Opengear ACM7004-5 Front

Opengear ACM7004-5

The compact ACM7004-5 packs more power than its diminutive stature might at first suggest. Taking a look at the back panel reveals a densely-packed set of ports offering a total of four switched GigabitEthernet ports, four serial console ports (RJ-45) and four USB ports:

og7004-back

As with the other small Opengear devices I’ve tested, this model comes with a single rackmount bracket so it can be attached within a rack with relative ease. It’s only about five inches wide, so it’s not too hard to find a free space to locate it. If you aren’t blessed with a rack, there are small rubber feet that can be stuck on the underside. The power port is interesting; I find myself shouting for Continue reading

How Does NetBeez Rate For Troubleshooting?

Continuing from my previous NetBeez post, I’d like to share some more detail on the charting and reporting capabilities of the product, and my experience using NetBeez to troubleshoot some real network issues.

Ask Me About My Beez!

Incidentally, as advertising slogans go, this one is surprisingly effective; I was surprised at how many people do actually approach and say “Ok go on then, tell me about your beez?”

Hands On Operations

I have been able to spend some time digging around the interface in anger, as it were, and seeing whether the NetBeez tools might raise an alert that otherwise wasn’t caught by other systems. To that end, I have one happy story, but also a number of things I found I wanted to be able to do, but couldn’t. These are things I might not have thought about had I not actually been using them for real, rather than just with test data.

Charts

The actual charts are quite nicely put together, although getting there can be a little cumbersome unless linked directly from an alert or something. For example, here is the top of the list of Resources within one of my Target test sets:

NetBeez Resources

If I click on the PING Continue reading

Ask Me About My Beez! A Look at NetBeez, 18 Months On.

I was first introduced to NetBeez at Networking Field Day 9, where I saw an interesting monitoring product using Raspberry Pi-based agents and a cloud-based management and reporting console. That was back in February 2015, but I met with NetBeez a second time at Networking Field Day 12 in September 2016. Eighteen months is plenty of time to make some significant updates, so I’m going to look at the current product from a capabilities perspective and also see how it works when using it in anger. As background it may be worth reading my review of NetBeez from June 2015 first.

NetBeez Overview

By way of a refresher, the NetBeez product is made of two parts:

  • an Agent (aka a Beez, which always sounds odd to say because Beez sounds like it should be the plural form of the noun);
  • a web management portal to which the agents send their data and from which the agents are managed and their uploaded data are analyzed.

The Agents

NetBeez Agents

  • FastEthernet – As I saw at NFD9, the FastEthernet Beez agent is a Raspberry Pi in a case with a NetBeez logo on it, and the micro-SD card slot is covered by Continue reading

Juniper NXTWORK2016 – Quick Review

What to say about NXTWORK2016, Juniper’s second customer conference? In short, I’m impressed.

NXTWORK 2016

The San Jose Marriott was once again the venue for the two-day NXTWORK conference, but this year things were clearly scaled up a little. Food tables which last year took up around 1/3 of the main ballroom this year moved to a large marquee which had been built just outside the hotel (it’s much better than it might sound at first).

Food Marquee @ NXTWORK2016

Replacing last year’s food tables was a Social Media lounge which confused me slightly only because it didn’t seem to be much of an actual lounge, although it did seem to have a couple of classic PacMan machines to amuse anybody sitting there.

Social Media Lounge

The middle section of the ballroom was occupied mainly by sponsor stands in what I think Juniper was once again calling a ‘midway’, and there was some comfortable seating as well.

The remainder of the ballroom had been divided off and was set up for general sessions and keynotes. Just down the hallway were a number of other rooms set up for technical breakout sessions and, as last year, a testing center where attendees could take Juniper exams.

NXTWORK2016 Keynotes / General Sessions

Continue reading

Unwrapping Tangled Device Configurations – A10 Networks Edition

If you’ve ever tried to interpret an A10 Networks load balancer configuration, or some Cisco Modular QoS CLI commands, you’ll know that doing so involves following references to other parts of the configuration, inevitably ones that appear earlier in the configuration than where you are now, using a display pager which doesn’t support a back command to scroll up a page at a time. In short, it’s a huge pain. The same applies to Cisco ACE and CSM load balancer configurations. The modularity is beautiful and logical, but it’s a massive irritation to reverse engineer.

Spaghetti

Spaghetti Configurations

I work regularly with A10 Networks load balancers. ACOS (the A10 OS) has a CLI and configuration format that’s very similar to Cisco IOS. Looking at a particular vPort (A10 terminology for a particular Virtual IP (VIP) and Port combination) and trying to figure out which real servers are related to it is irritating to say the least. Here’s an example of the configuration in the order it appears when you view it:

ip nat pool pool1 10.100.1.1 10.100.1.126 netmask /25
!
health monitor checkstatus
   method http url /status expect code 200
!
slb server server1 1.2.3.4
   port  Continue reading

This Week: Solarwinds ThwackCamp 2016

Solarwinds ThwackCamp 2016 begins tomorrow, Wednesday September 14th.

Solarwinds ThwackCamp

I’m sharing this information in case it’s of interest, so here are some questions and answers in case you are curious.

What is ThwackCamp?

ThwackCamp is an annual, online, free training event offered by Solarwinds. It is organized into two streams, a “How-To” track which is more technical, and an “IT Industry” track which offers training with a slightly more holistic twist to it. There are 10 sessions offered over two days, and although my registrations are mostly How-To sessions, I did find an IT Industry session slipping in there; you can mix and match as you please.

How do I sign up for ThwackCamp?

Register on the Solarwinds ThwackCamp home page. Disclosure: I get 25% commission on every dollar you spend on ThwackCamp registrations using this link. You need to register for a free Solarwinds account if you don’t already have one, and you have to be logged in before you can register for the sessions you want to attend. Emails will arrive shortly thereafter with meeting invites attached so you can populate your calendar easily with session reminders. Remember: there are no travel costs involved, no registration cost and no hotel required. I mean, if you want to fly somewhere Continue reading

Python versus Go – Fighting in Prime Time

Python vs Golang

Which is faster, Python or Go? And by how much? This is the question I found myself asking earlier this week after troubleshooting a script that my son had written in Python to calculate prime numbers.

In The Red Corner – Python

My son worked out a fairly simple algorithm to generate prime numbers which we tweaked slightly to optimize it (things like not bothering to check even numbers, not checking divisors that are larger than 1/3 of the number, not checking any number ending in 5, and so on). I’m not saying that this is production-ready code, nor highly optimized, but it does appear to work, which is what matters. The resulting code looks like this:

#!/usr/bin/python

max = 100000

for tens in xrange(0,max,10):
    for ones in (1, 3, 7, 9):
        a = tens + ones

        halfmax = int(a/3) + 1
        prime = True

        for divider in xrange (3, halfmax, 2):
            if a % divider == 0:
                # Note that it's not a prime
                # and break out of the testing loop
                prime = False
                break

        # Check if prime is true
        if prime == True:
            print(a)

        # Fiddle to print 2 as prime
        if a == 1:
             Continue reading

Microservices Gone Wild – Tech Dive Part 4

Tech Dive - Microservices

In this last post of my four-part series on microservices, I’ll look at some of the positive aspects of microservices, and how much simpler they can potentially make things once you overcome the up-front effort required to make them work.

Scalability

When a monolithic app needs to scale, how can that be achieved? Well, for example:

  • More RAM (if the app is memory-bound)
  • More or Faster CPUs (if the app is CPU-bound)
  • More instances of the app (front with a load balancer)

These are all effective ways to scale the application. What if one function within the application could really use a performance boost, even though the others are working just fine? Using a load balancer to distribute work requests can mean that scaling up the ability for a single module to process concurrent requests can be as simple as spinning up a few more containers and sharing the load:

Load Balanced Microservice

There’s some effort required to allow the main program to issue concurrent calls, but the benefits can be worthwhile. Plus, of course, each of our microservices may be called by other programs, or may call each other as necessary, so there may be more than just one source of activity. Continue reading

Microservices Gone Wild – Tech Dive Part 3

Tech Dive - Microservices

In this third post in the series about microservices, I’ll finish building my main application so that I can demonstrate a microservices-based application in action, albeit for a very basic set of functions. This post may be a little go-heavy in places, but bear with it and I’ll get to the demo soon enough. It doesn’t really matter what language is being used; I just used go because it’s good practice for me.

Building The Main Application

As a reminder, the main application will need to accept two numbers on the command line then will need to multiply the two numbers and then square that product. The two mathematical functions (multiply and square) are now offered via a REST API, and each one has its own separate Docker container with apache/PHP to service those requests.

I have created hostnames for the two microservice containers (DNS is the only smart way to address a microservice, after all) and they are accessed as:

  • multiply.userv.myapp:5001
  • square.userv.myapp:5002

The API path is /api/ followed by the name of the function, multiply or square, and the values to feed to the function are supplied as the query string. Most APIs tend Continue reading

Microservices Gone Wild – Tech Dive Part 2

Tech Dive - Microservices

In this post, I’ll outline the program I’ll be using to demonstrate how microservices work. It’s written in go but it’s pretty straightforward. At the end of the series of posts I will upload all of these examples to github as well, in case anybody wants to poke at them.

The Program – Squariply

For demonstration purposes, I’ll be discussing a very simple program that is currently implemented in a monolithic fashion. I’ve called it squariply for reasons that will momentarily become obvious.

Purpose

Squariply accepts two integers on the command line, calculates the product (i.e. multiplies the two numbers), then squares the resulting number before printing the final result out. Mathematically speaking, if the integers provided on the command line are a and b, the output will be equivalent to (a * b) ^ 2.

Monolithic Code

My extremely amateur go code looks like this:

package main

import (
    "fmt"
    "os"
    "strconv"
)

func main() {
    str_a := os.Args[1]
    str_b := os.Args[2]

    int_a, _ := strconv.Atoi(str_a)
    int_b, _ := strconv.Atoi(str_b)

    multiplyResult := int_a * int_b
    squareResult := multiplyResult * multiplyResult

    fmt.Printf("Result is %d\n", squareResult)
}

For the purposes of clarity, Continue reading

Microservices Gone Wild – Tech Dive Part 1

Tech Dive - Microservices

I’ve heard a lot of noise about microservices in the last couple of years, perhaps most notably when I attended ONUG in Spring 2015 and Adrian Cockcroft from Battery Ventures (previously from Netflix) was pushing the idea of building applications using container-based microservices very convincingly. In this short series of posts, I’ll look at what microservices are, why you might want them (particularly in containers) and — because it would be no fun if this was all just theory — I’ll run through a demonstration where I take a simple monolithic application and successfully break it out into containerized microservices. I’ll share the code I use because I just know you’ll enjoy playing along at home.

Monolithic Applications

In order to consider the benefits of microservices it’s important first to get some context by looking at what is arguably the polar opposite, the monolithic application. I should preface this by saying that defining what constitutes a monolithic application can be a rather nuanced task, depending on the perspective from which one looks. For my purposes though, a monolithic application is typically one where the entire application is delivered in a single release. Even if the application is logically deployed across Continue reading

Response: CAM Table Basics

Greg Ferro T-Shirt

This post is a response to Greg Ferro’s recent Basics posts on (Content Addressable Memory) CAM tables. As this is a response post, you can assume that I don’t agree entirely with all of his definitions. Alternatively, perhaps I am totally wrong and I need to go back and relearn how CAM works. Either way, Greg loves a good spar, so maybe together with our readers we can determine the truth in an understandable format for the betterment of everybody who isn’t a hardcore digital electronics engineer.

Greg’s Posts

Before continuing, I’d recommend reading these posts as context, since they are the basis for this post:

Basics: What is Content Addressable Memory (CAM) ?
Basics: What is Binary CAM (BCAM) ?
Basics: What is Ternary Content Address Memory (TCAM) ?

I’ll now address my concerns post by post below.

What is CAM

A CAM cell in the chip actually consists of two SRAM cells. SRAM requires extensive silicon gates to implement that require a lot of power per gate for fast switching. In a chip, power consumption generates heat and leads to limits on thermal dissipation by the limited footprint of a chip. This is a key factor on the Continue reading

Juniper NXTWORK – A New and Better Kind of Conference

NXTWORK 2016

Last November, I was invited to the inaugural Juniper customer summit, NXTWORK 2015, and it was a great event. I’m pleased to see that NXTWORK2016 is happening again this year, October 3rd – 5th, 2016 at the Santa Clara Marriott in Santa Clara, CA.

NXTWORK 2015

Rewind the clock to last year. For years, Juniper users have wanted a Juniper technical event if not to rival Cisco Live, then at least to offer some of the same benefits to the attendees. As anybody who organizes a conference will tell you, it’s no mean feat to get even a small event right — Cisco has had 26 years to get Live to where it is now — so I can only imagine how daunting it must be to set up the first Juniper customer event, knowing full well that everything you do will be compared to Cisco Live, just as I am doing now. Wisely, it seems that Juniper decided to look at the basics of what attendees would expect to be at the conference, then wrap those up in its own unique way. While there were a few minor inevitable teething issues, my overwhelming feeling at the end of the conference Continue reading

Pica8 Scales Up to 100G Ethernet

Pica8

Pica8, early pioneer of disaggregated networking and SDN, today announced a new version of their switch operating system, PicOS v2.7.1. Normally I wouldn’t note a networking OS update, but probably the biggest single update for this release is the new support for 100GigabitEthernet switches, with support for both Broadcom and Cavium / XPliant ASICs.

Pica8 HCL Table

Currently the Hardware Compatibility List for 100G only features Broadcom-based switches but that will undoubtedly change as relative newcomer Cavium / XPliant continues to challenge Broadcom for speed, features and flexibility. I’m also curious to know whether in the future we’ll see hardware on that list using the Barefoot Tofino™ ASIC as well.

In addition to expanding the supported hardware offerings from HP Enterprise, the HCL now also features the first Dell platform to be certified. Dell and HPE are positioning themselves quite effectively as the branded whitebox solution of choice and their devices are supported by a number of software vendors now.

But why do we care about 100G Ethernet, PicOS and more advanced ASICs?

Moar Bandwidth

That’s right; because we always want more than we currently have. And, I suppose, because we keep on scaling our networks with more, faster servers. Sure, we’ll Continue reading

Cumulus, Dell, Red Hat Demo Linux as Full Stack SDDC

Cumulus Networks

Cumulus Networks announced today that in conjunction with Dell and Red Hat, it has created a 300+ node OpenStack pod using standard open source DevOps tools to manage the deployment from top to bottom (i.e. from the spine switch down to the compute node). I thought that was interesting enough to justify a quick post.

All Linux, All The Time

I visited with Cumulus Linux as part of Networking Field Day 9 and learned two very important things:

  1. Cumulus co-founder, CEO (at the time), and now CTO, JR Rivers makes a mean cup of espresso;
  2. The culture at Cumulus is all about standards. It was expressed repeatedly that Cumulus want to ensure that their linux is absolutely standard, so the file system hierarchy should be the standard, configuration files should be where they normally are, and so forth. A system that doesn’t follow those guidelines becomes a special snowflake that can’t be supported by regular tools and, as you’ll see, this attitude has paid dividends in this solution.

The idea of this software stack demo is to take linux-based switches (Dell brite-box Cumulus-certified hardware running the Cumulus Linux OS) and connect in linux-based compute resources (Dell PowerEdge servers running Continue reading

Late Breaking: Cisco Switches to Arista

The legal feud between Cisco and Arista may finally be over, though perhaps not in the way any of us had expected.

The news starting to filter out of San Jose this morning is that Cisco has agreed to drop its lawsuit in return for the immediate acquisition of Arista Networks’ assets, intellectual property and employees. After the ITC’s initial determination last month that Arista had infringed on three out of five patents listed in the suit, it is understood that this solution was urgently brokered to protect the company’s employees from the potential fallout should the ITC’s next ruling be less than favorable.

Sources close to Cisco CEO Chuck Robbins are saying that Cisco plans to rebrand Arista’s impressive 7500 switch hardware as the new flagship Cisco Nexus 8000 series. With its reassuringly familiar command line interface, Arista’s EOS should be a seamless addition to Cisco’s impressive existing portfolio of network operating systems (i.e. IOS, Native IOS, IOS-XR, IOS-XRv, IOS-XE and NXOS) and customers will likely be lining up to deploy the impressive new Nexus 8000 series hardware without having to suffer through the pains of the usual new product learning curve.

In some ways the timing of Continue reading

IOS For iOS – New Cisco App Brings Network Control To iPhone

This morning Cisco announced the release of a groundbreaking new product offering complete control of a Cisco-based enterprise network using Apple’s iPhone™ platform. IOS For iOS, or IFi® (pronounced eye-Fie, kind of like WiFi but without the W) will be available in the App Store in July 2016. Cisco have described the app as bringing Cellphone Defined Networking (CDN) to busy network engineers and administrators.

What Is IOS For iOS?

The basic idea is to offer real time telemetry and full remote automation of the network so that engineers can make critical changes anywhere and anytime, reducing Mean Time To Restore (MTTR) and increasing employee satisfaction. The system requires at least one companion server to be located in a data center to perform management and automation functions on the user’s behalf. The other component of course is the app itself, which connects to the companion server as needed.

My main initial criticisms of the app are that it requires a massive 23GB (you read that correctly!) of storage on your iPhone, and–due to the screen estate needs and the CPU required for the app to run at a reasonable speed–it is only recommended for use on the iPhone Continue reading

Skyport Systems and The Zero Trust DC

Skyport Systems offers a trusted computing platform to securely host virtual machines. Big deal? Well, maybe more than it seems at first glance.

Skyport Systems

I was sitting in some Juniper training last week being told about their Zero Trust security capabilities (referred to in VMWare NSX terminology as micro-segmentation), and as I listened I started thinking about zero trust in the wider context of who can be relied upon when it comes to software, and even the hardware on which it runs.

Software Issues

Let’s face it, the events of the last few years have brought to light for Americans that far from a need to fear what other nation states might be willing to do to get access to our data, the real threat may lie within. Juniper was in the news at the end of last year after the announcement that ScreenOS contained unauthorized code suspected of being planted there by the NSA. And then in January 2016, Juniper announced that ScreenOS would be dropping the NSA-developed Dual_EC_DRBG random number generator which perhaps coincidentally has a known weakness in it, a vulnerability that was made even worse by an implementation change in ScreenOS to use a larger Continue reading
